Infrastructure + Security: Noteworthy News (December, 2017-Part 2)

Hello there! Stanislav Belov here to bring you the next “End of the Year” issue of the Infrastructure + Security: Noteworthy News series!  

As a reminder, the Noteworthy News series covers various areas, including interesting news, announcements, links, tips and tricks from the Windows, Azure, and Security worlds on a monthly basis. Enjoy!

Microsoft Azure
Free eBook – The Developer’s Guide to Microsoft Azure now available
The book was written by Michael Crump and Barry Luijbregts to help you on your journey to the cloud, whether you’re just considering making the move, or you’ve already decided and are underway. This eBook was written by developers for developers. It is specifically meant to give you the fundamental knowledge of what Azure is all about, what it offers you and your organization, and how to take advantage of it all.
Azure Backup now supports BEK encrypted Azure virtual machines
Azure Backup stands firm on the promise of simplicity, security, and reliability by giving customers a smooth and dependable experience across scenarios. Continuing on the enterprise data-protection promise, we are excited to announce support for backup and restore of Azure virtual machines encrypted using a BitLocker Encryption Key (BEK), for both managed and unmanaged disks.
VMware virtualization on Azure
VMware virtualization on Azure is a bare-metal solution that runs the full VMware stack on Azure, co-located with other Azure services. It lets customers migrate their VMware VMs onto a native VMware environment on hosted Azure infrastructure.
Windows Server
How customers are using Shielded Virtual Machines to secure data

You’ve read and heard a lot from Microsoft about the unprecedented security provided by Shielded Virtual Machines in Windows Server 2016, but how is this feature being used by real customers? We decided to round up a few customer stories for you, to illustrate the various real-world benefits being reported by users of Shielded VMs in Windows Server 2016.

1711 update to Project “Honolulu” Technical Preview is now available!

Project “Honolulu” was announced in September and had a fantastic reception at Ignite. To all of you that have downloaded the Technical Preview and provided feedback via UserVoice, thank you. We’ve been reading your feedback closely and your input drove this update. On December 1st we released the first public update to the Technical Preview.

Windows Client
New Remote Desktop app for macOS available in the App Store
Download the next generation application in the App Store today to enjoy the new UI design, improvements in the look and feel of managing your connections, and new functionalities available in a remote session.
Security
Cybersecurity Reference Architecture & Strategies: How to Plan for and Implement a Cybersecurity Strategy

Planning and implementing a security strategy to protect a hybrid of on-premises and cloud assets against advanced cybersecurity threats is one of the greatest challenges facing information security organizations today.

Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses

Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to further close the gap between malware release and detection.

In this blog post we’ll look at how additional automated analysis and machine learning models can further protect customers within minutes in rare cases where initial classification is inconclusive.

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

In this blog, we explore how Windows Defender ATP, in particular, makes use of Antimalware Scan Interface (AMSI) inspection data to surface complex and evasive script-based attacks. We look at advanced attacks perpetrated by the highly skilled KRYPTON activity group and explore how commodity malware like Kovter abuses PowerShell to leave little to no trace of malicious activity on disk. From there, we look at how Windows Defender ATP machine learning systems make use of enhanced insight about script characteristics and behaviors to deliver vastly improved detection capabilities.

How Azure Security Center detects vulnerabilities using administrative tools

Backdoor user accounts are accounts created by an adversary as part of an attack, to be used later to gain access to other resources in the network, open new entry points into the network, and achieve persistence. MITRE lists the create account tactic as part of the credential access stage and lists several toolkits that use this technique.

In this post, we’ll go into the details on one such example, enabling Azure Security Center to detect usage of backdoor user account creation.
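The detection idea the post describes, as an added example that is not Azure Security Center's own logic: a small Python detector over constructed process-creation records that flags account creation and Administrators-group additions done through net.exe, and raises severity when the same account gets both, or when the parent process is one that should never be administering accounts. The record format, the parent-process list and the sample data are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample process-creation records (not real telemetry), in a
# simplified "user|parent_process|command_line" form.
SAMPLE_EVENTS = [
    "CORP\\jsmith|explorer.exe|net user jsmith /domain",
    "NT AUTHORITY\\SYSTEM|services.exe|C:\\Windows\\System32\\svchost.exe -k netsvcs",
    "CORP\\websvc|w3wp.exe|cmd.exe /c net user svcbackup P@ssw0rd! /add",
    "CORP\\websvc|w3wp.exe|net localgroup administrators svcbackup /add",
    "CORP\\helpdesk|mmc.exe|net user tjones /active:yes",
]

# net.exe / net1.exe invocations that create a local account, or add one to
# the local Administrators group. The password argument is optional.
CREATE_RE = re.compile(r"\bnet1?(?:\.exe)?\s+user\s+(\S+)(?:\s+\S+)?\s+/add\b", re.I)
ADMIN_RE = re.compile(r"\bnet1?(?:\.exe)?\s+localgroup\s+administrators\s+(\S+)\s+/add\b", re.I)

# Assumption: parents that have no business administering accounts (web
# server workers, Office apps). A hit here raises the finding's severity.
UNUSUAL_PARENTS = {"w3wp.exe", "winword.exe", "excel.exe", "outlook.exe"}

def parse_event(line):
    user, parent, cmdline = line.split("|", 2)
    return {"user": user, "parent": parent.lower(), "cmdline": cmdline}

def detect_backdoor_accounts(events):
    """Return {account: finding} for accounts created or made admin via net.exe."""
    seen = defaultdict(lambda: {"created": False, "admin": False,
                                "unusual_parent": False, "actors": set()})
    for ev in map(parse_event, events):
        for regex, flag in ((CREATE_RE, "created"), (ADMIN_RE, "admin")):
            match = regex.search(ev["cmdline"])
            if match:
                f = seen[match.group(1).lower()]
                f[flag] = True
                f["actors"].add(ev["user"])
                f["unusual_parent"] |= ev["parent"] in UNUSUAL_PARENTS
    findings = {}
    for account, f in seen.items():
        # Creation alone is "medium"; creation plus Administrators membership,
        # or either one from an unusual parent, is the backdoor pattern: "high".
        score = f["created"] + f["admin"] + f["unusual_parent"]
        findings[account] = dict(f, severity="high" if score >= 2 else "medium")
    return findings

if __name__ == "__main__":
    for account, finding in detect_backdoor_accounts(SAMPLE_EVENTS).items():
        print(account, finding["severity"], sorted(finding["actors"]))
```

Routine uses of net.exe (querying or re-enabling an existing account) produce no finding; only the create-plus-elevate pair from the web worker is reported.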

Vulnerabilities and Updates
December 2017 security update release
On December 12 we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found in the Security Update Guide.
Support Lifecycle
The next End of Support deadline is January 9, 2018.
The following products and Service Packs will no longer be supported after this date:

  • Office Communications Server 2007
  • Office Communications Server 2007 R2
  • Windows 10 Mobile (released in Nov. 2015)
  • System Center Data Protection Manager 2007
  • System Center Virtual Machine Manager 2007    
Microsoft Premier Support News
A new service, Activate Azure with Hybrid Cloud, is now available to help introduce the basics of common Microsoft Azure workloads, provide guidance and education for IT engineers, and provide support during initial workload deployments.
The new Cybersecurity Operations Service (COS) is a service offering for organizations looking to understand and reduce their exposure to the risks posed by today's targeted attacks from determined human adversaries and sophisticated criminal organizations. It is a proactive, discreet service in which a global team of highly specialized resources provides remote analysis for a fixed fee. In effect, it is a proactive approach to identifying emergencies before they occur.